Hello!
- Vote on this issue by adding a 👍 reaction
- If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)
Issue details
From a past discussion:
Currently, the certificate for the step-ca server (HTTPS) cannot be changed, and it always uses an ECDSA P-256 key.
It would be really interesting to let the the users choose which certificate type the CA uses.
Why is this needed?
Some users may not consider P-256 the safest choice, then they may be willing to use a different certificate for the CA itself.
The certificate would make more sense if using the same type as the intermediate. If not, then the user should be allowed to decide which certificate certificate type the the step-ca server will use.
Hello!
Issue details
From a past discussion:
It would be really interesting to let the the users choose which certificate type the CA uses.
Why is this needed?
Some users may not consider
P-256the safest choice, then they may be willing to use a different certificate for the CA itself.The certificate would make more sense if using the same type as the intermediate. If not, then the user should be allowed to decide which certificate certificate type the the step-ca server will use.